Paper still dominates ID, KYC and AML processes – why?

Image by aldegonde | Bigstockphoto

Identity, know-your-customer (KYC) and anti-money laundry (AML) are critical issues, especially for financial institutions. They are complex areas for consumers too. Identity theft is a severe risk, and KYC and AML processes often make the customer experience difficult. You would think all three are mainly based on digital processes nowadays, but this is not the reality. There is frequently a complex gap between paper documents and digital processes.

For example, ID, KYC and AML checks are still often based on the paper-document model, where you have to provide things like bank statements, utility bills and receipts. These days, we usually have the option to receive the first two as PDFs, while we receive receipts for online purchases in the form of an email. Agreements are also often signed digitally.

But it’s not east to provide digital versions of these things for identification, KYC and AML purposes. For example, one bank doesn’t accept PDF bills or statements, but will accept a digital photo of a printed PDF because they think it’s harder to forge a photo than a PDF document. Many banks also expect all company documents to be printed on the company’s letterhead paper, which nowadays means that you need to copy-paste a logo to your document before printing it out. I don’t know if they seriously think these rules somehow guarantee the authenticity of the documents.

At the same time, paper utility bills and bank statements are serious security risks – if you throw them into the garbage bin, someone could steal them and be able to use your address details to get a credit card.

It is also typical that institutions request these documents by email, as well as a copy of your ID card or passport. As we know, ordinary email is not a very safe way to send documents, and provides yet another way for criminals to steal your identity.

Digital identity is not enough

Digital ID is a hot topic these days. However, at the moment, digital IDs don’t solve the problem of identity theft. For one thing, the digital ID market is too fragmented. Also, IDs as such can offer a solution for identification, but not authenticity of data. Many processes would require a chain of identifications and authenticity to verify that I am who I say I am.

To illustrate: if I want to prove my identity, address, and sources of wealth to a bank, I must have a digital identity the bank accepts and trusts. Then, if the bank wants to get proof of my address, I should have a utility contract or bill signed electronically by a utility company so that the bank can verify the signature. This would allow the bank to verify my address. Alternatively, a better solution would be for me to share my digitally verified address information (e.g., by a local authority, local tax office, or local utility providers). The bank clerk should be able to check if it is really verified data. And then, I should have bank statements, salary slips, and investment documents that could be verified (e.g., they come from a bank, employer, or investment service provider). This basically means there should be a system for digital verification encompassing all parties who could also confirm the veracity and relevance of electronic records.

Then we have one more additional aspect: highly sensitive data that no third party should be allowed to access. I should be the only one who can keep and manage that data myself. Most people don’t want to provide these documents even to their bank or authorities.

Blockchain is not enough

After taking this consideration into account, we quite naturally start thinking about blockchain, which is designed to track transactions, avoid third-party authority and guarantee privacy. Indeed, there are already many blockchain projects in this area.

But at the same time, the reality is that if you need to go through the process of ID, KYC, or AML, there currently isn’t a blockchain solution to do it (except maybe in some crypto services). If you want to open a bank account, invest in a company or transfer a lot of money, you still need those papers. The problem is not that we don’t have ideas about how we can do this ideally in the digital era. Rather, the problem is a practical one: how do we go digital in a way to make it even just a little bit better than the current paper-based system? In any case, trustless blockchain models don’t work for many of the needs we’re talking about here.

The sanctions on Russia, Russian businesses, and oligarchs have also illustrated that governments want to control these processes, and that they can. The current situation is probably a reminder that it is quite idealistic to think that crypto and blockchain enable currencies, financial authority, and transactions to be outside the government’s control. Maybe in some situations, when everything goes smoothly, this could be true. But governments want to have control of any crisis – whether it’s local, regional or global.

This doesn’t mean that blockchain, digital IDs and user control of data are useless. But we need to think about efficient solutions. Currently, we are in the midst of a situation that’s worse than the old paper-documents world. Thirty years ago, you had paper documents and agreements, and you kept them in a folder. However, nowadays people don’t even have their own copies of documents, paper or digital; they simply believe they can get them from their bank or other parties if they need them. Most of us don’t even have bank statements or electricity bills; we just trust we can get them from the bank’s or electricity company’s system if necessary.

Solutions for reality

The capability and tools to have a personal copy of your relevant data are basic needs that people should think more about. Your financial data is one critical data set, but there are many others too, such as your health data, important agreements, and personal certificates. It is essential to be able to check the authenticity of that data and those documents, whether it’s based on blockchain or on more centralized services. For some documents, we’ll also probably need authentication of a third party (e.g., government, notary, bank, auditor) in the future.

We need better solutions to handle basic digital processes, especially when the paper-based processes are not relevant or safe anymore. But for now, things have split into two very different tracks: many traditional companies and authorities still live with paper (or paper-looking) documents, while others want distributed solutions that must not have any trust or authority. We still need something in between – solutions that could help people manage their digital documents and data, prove them to be correct, and use them for their daily needs.

Be the first to comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.